A quick way to scan a bunch of WordPress installs for the Docs virus. Not sure of the real name since I can't find a reference to it on the net.
dir /s /b *.php | find "docs.php"
A more thorough search is:
findstr /sim /c:"chr(base_convert(substr" *.php
This looks for the actual code that decodes the virus.
Either method could produce some false positives so apply some comment sense before deleting files.
Removing the virus consists of checking the first line in the function.php file for each theme and removing the junk after <?php
Then delete the Docs plugin.
You will need to do this with your site disabled as the plugin will reinfect the functions.php files and the functions.php extras will reinstall the plugin.
I haven't spent too much time trying to figure out what it does exactly. However, this is what I do know.
First it checks to see if the wp-content/plugins/docs/docs.php file exists and if not it downloads a copy from http://lamulata.biz/cript_doc.php
Next if the docs.php file exists it checks to see if it is activated. If not it activates it.
Registers a daily cron job which is used to update itself.
Uses the docs_wp_plugin_active_list_update action to hide itsoft from the plugin list.
Hooks the wp_head action which seems to send some data about the current request to http://22.214.171.124/index.php
Ultimately it seems to fetch some content from a remote site and includes it in the page content or completely replaces the content.
One of the side effects is that it looks for a writeable tmp directory and caches data there. I found over 25,000 files in one cache folder.
I recently had to remove a StealRat infection from a computer. Unfortunately most of the available information is out of date and only helped somewhat.
Once I found the actual file that was the issue I developed a better command to detect any other infections:
findstr /sim /c:"'](NULL)" *.php
While researching a topic for my book I cam across the original paper that helped spawn the concept of Yesterday's Weather. That is the probability that amount of work you will do next week is highly likely to be the same as the amount of work you did last week.
In this study, the authors used 111 time series to examine the accuracy of various forecasting methods, particularly time-series methods. The study shows, at least for time series, why some methods achieve greater accuracy than others for different types of data. The authors offer some explanation of the seemingly conflicting conclusions of past empirical research on the accuracy of forecasting. One novel contribution of the paper is the development of regression equations expressing accuracy as a function of factors such as randomness, seasonality, trend-cycle and the number of data points describing the series. Surprisingly, the study shows that for these 111 series simpler methods perform well in comparison to the more complex and statistically sophisticated ARMA models.
Accuracy of Forecasting: An Empirical Investigation, Spyros Makridakis, Michele Hibon and Claus Moser, Journal of the Royal Statistical Society. Series A (General), Vol. 142, No. 2 (1979), pp. 97-145.
devZing has a good post on how to delete bugs in Bugzilla.
|No Hassle Open Source Project Management Hosting|
|<< <||> >>|